Could tshark capture the de-encrypted packet when receiving ESP?
We encounter one problem: When using tshark to capture the packets on one interface(virtio_net). The tshark could capture one ESP packet, and also one packet without ESP header, that has been de-encrypted by kernel to plain packet.
How the tshark captured the second de-encrypted packet?
Thanks, Mark